US10320629B2 · Active · Utility · PatentIndex 51

Illicit route viewing system and method of operation

Assignee: LEVEL 3 COMMUNICATIONS LLC
Priority: Apr 17, 2015
Filed: Apr 15, 2016
Granted: Jun 11, 2019
Est. expiry: Apr 17, 2035 (~8.8 yrs left) · nominal 20-yr term from priority
Inventors: BENJAMIN MICHAEL; BINGHAM SKYLER J; REYNOLDS JOHN S
Classifications: H04L 63/101, H04L 43/12, H04L 41/28, H04L 63/10, H04L 63/0227, H04L 41/18, H04L 63/1425, H04L 43/045, H04L 41/12, H04L 41/22, H04L 63/306, H04L 63/107, H04L 63/102, H04L 63/0236
PatentIndex Score: 51 · Cited by: 0 · References: 19 · Claims: 16

Abstract

A route viewing system includes a computing system that receives information associated with one or more routes through a network, and identifies the routes that are associated with at least one illicit user computer used by an illicit user. The computing system then obtains a source location of a source address of the routes and a destination location of a destination address of the routes, and displays the routes on a geographical display at the source location of the source address and the destination location of the destination address of each of the routes.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A route viewing system comprising:
 a computing system in communication with a network service computing device and comprising at least one memory for storing instructions that are executed by at least one processor to;
 receive information associated with one or more routes through a network; 
 identify the routes that are associated with at least one illicit user computer used by an illicit user; 
 obtain a source location of a source address of the routes associated with at least one illicit user computer and a destination location of a destination address of the routes associated with at least one illicit user computer; 
 display the routes on a geographical display showing the source location of the source address and the destination location of the destination address of each of the routes; 
 monitor communication across the routes associated with at least one illicit user computer; and 
 filter the identified routes according to one or more weighting values associated with one or more characteristics of the route, wherein the characteristics of the route include at least one of a type of malicious behavior associated with the route, the illicit user associated with the route, and a geographical region associated with the route. 
 
 
     
     
       2. The system of claim 1, wherein the instructions are further executed to display each of the routes with an indicium based upon a specified type of the route.
     
     
       3. The system of claim 1, wherein the instructions are further executed to obtain the source location of the source address and the destination location of the destination address by obtaining latitude and longitude information associated with the source address and the destination address stored in the at least one memory.
     
     
       4. The system of claim 1, wherein the instructions are further executed to display the routes that have existed during a time window comprising a range of time in the past.
     
     
       5. The system of claim 4, wherein the instructions are further executed to receive user input for modifying a duration of the time window and an amount of time from the present.
     
     
       6. The system of claim 1, wherein the instructions are further executed to:
 identify the routes that are associated with each of a plurality of illicit user computers used by a corresponding plurality of illicit users; 
 authorize a user to view the routes of a subset of the illicit users; and 
 display the routes on one of a plurality of geographical displays according to the authorization. 
 
     
     
       7. The system of claim 1, wherein the instructions are further executed to receive information associated with routes using network flow packets obtained from a tap, the tap comprising a netflow exporter.
     
     
       8. A route viewing method comprising:
 receiving, using instructions stored in at least one memory and executed by at least one processor, information associated with one or more routes through a network; 
 identifying, using the instructions, the routes that are associated with at least one illicit user computer used by an illicit user; 
 obtaining, using the instructions, a source location of a source address of the routes associated with at least one illicit user computer and a destination location of a destination address of the routes associated with at least one illicit user computer; 
 displaying, using the instructions, the routes on a geographical display showing the source location of the source address and the destination location of the destination address of each of the routes; 
 monitoring communication across the routes associated with at least one illicit user computer; and 
 filtering the identified routes according to one or more weighting values associated with one or more characteristics of the route, wherein the characteristics of the route include at least one of a type of malicious behavior associated with the route, the illicit user associated with the route, and a geographical region associated with the route. 
 
     
     
       9. The method of claim 8, further comprising displaying each of the routes with an indicium based upon a specified type of the route.
     
     
       10. The method of claim 8, further comprising obtaining the source location of the source address and the destination location of the destination address by obtaining latitude and longitude information associated with the source address and the destination address stored in the at least one memory.
     
     
       11. The method of claim 8, further comprising displaying the routes that have existed during a time window comprising a range of time in the past.
     
     
       12. The method of claim 11, further comprising receiving user input for modifying a duration of the time window and an amount of time from the present.
     
     
       13. The method of claim 8, further comprising:
 identifying the routes that are associated with each of a plurality of illicit user computers used by a corresponding plurality of illicit users; 
 authorizing a user to view the routes of a subset of the illicit users; and 
 displaying the routes on one of a plurality of geographical displays according to the authorization. 
 
     
     
       14. The method of claim 8, further comprising receiving information associated with routes using network flow packets obtained from a tap, the tap comprising a netflow exporter.
     
     
       15. Code implemented in a non-transitory, computer readable medium that when executed by at least one processor, is operable to perform at least the following:
 receiving information associated with one or more routes through a network; 
 identifying the routes that are associated with at least one illicit user computer used by an illicit user; 
 obtaining a source location of a source address of the routes associated with at least one illicit user computer and a destination location of a destination address of the routes associated with at least one illicit user computer; 
 displaying the routes on a geographical display showing the source location of the source address and the destination location of the destination address of each of the routes; 
 monitoring communication across the routes associated with at least one illicit user computer; and 
 filtering the identified routes according to one or more weighting values associated with one or more characteristics of the route, wherein the characteristics of the route include at least one of a type of malicious behavior associated with the route, the illicit user associated with the route, and a geographical region associated with the route. 
 
     
     
       16. The code of claim 15, further operable to perform obtaining the source location of the source address and the destination location of the destination address by obtaining latitude and longitude information associated with the source address and the destination address stored in the at least one memory.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.